Router Security Alert Logs

[Desmo]

Anything to worry about?

Quote:

Mon, 2007-08-20 14:00:04 - Send E-mail Success!
Mon, 2007-08-20 21:09:18 - UDP Packet - Source:67.159.44.107,5346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,6346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,7346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,8346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - UDP Packet - Source:67.159.44.107,9346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:09:22 - Send E-mail Success!
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,5346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,6346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,7346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,8346 Destination:87.127.131.137,12653 - [DOS]
Mon, 2007-08-20 21:10:09 - UDP Packet - Source:212.25.103.182,9346 Destination:87.127.131.137,12653 - [DOS]

Quote:

TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35480 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:65.98.4.114,30335 Destination:87.127.131.137,113 - [DOS]
TCP Packet - Source:82.11.183.104,35104 Destination:87.127.131.137,49634 - [DOS]
TCP Packet - Source:82.11.183.104,35462 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35462 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,34683 Destination:87.127.131.137,49637 - [DOS]
TCP Packet - Source:82.11.183.104,32832 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35252 Destination:87.127.131.137,49635 - [DOS]
TCP Packet - Source:82.11.183.104,35480 Destination:87.127.131.137,49638 - [DOS]
TCP Packet - Source:82.11.183.104,35270 Destination:87.127.131.137,49637 - [DOS]
UDP Packet - Source:67.159.44.107,5346 Destination:87.127.131.137,12653 - [DOS]

[Mark]

I don't worry about incoming things unless they're causing damage or disruption (never happened, touch wood). Regularly pick up random password attacks on Linux and Blaster-style attacks on Windows, but none of them get past the logs.

However, if unexpected stuff is outgoing (particularly email), that's a sign of trouble.

[Desmo]

All incoming. The outgoing emails are the router emailing me

[Daz]

Just the state of the web at the moment - attacks flying around all over the shop. That and spam email.

[Desmo]

Just had another email come through...

Quote:

Tue, 2007-08-21 14:00:03 - Send E-mail Success!
Tue, 2007-08-21 17:24:10 - TCP Packet - Source:85.224.102.87,4453 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 17:25:11 - TCP Packet - Source:122.36.131.101,4078 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 19:33:46 - TCP Packet - Source:62.233.185.178,3921 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 20:52:34 - TCP Packet - Source:88.212.7.47,2375 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 21:19:23 - TCP Packet - Source:24.22.236.241,3534 Destination:10.0.0.10,5901 - [VNC12 match]
Tue, 2007-08-21 22:35:01 - TCP Packet - Source:85.204.123.67,3024 Destination:10.0.0.10,5901 - [VNC12 match]
Wed, 2007-08-22 00:50:28 - TCP Packet - Source:220.122.190.143,2375 Destination:10.0.0.10,5901 - [VNC12 match]
Wed, 2007-08-22 03:16:42 - TCP Packet - Source:24.196.87.242,1236 Destination:10.0.0.10,5901 - [VNC12 match]

Don't have VNC set up on anything right now though so not too worried.

[Daz]

Even then it would only be a problem if your router was NAT'ing the standard ports across

[Mark]

Yup - VNC is a known exploitable software (if not up-to-date or secured), so it's hardly surprising bots are going after that.

I very rarely even look any more and don't bother emailing logs. There's so much background noise and bots looking for holes that don't exist that it's a waste of my time, but then, I don't have a business to worry about with the potential downtime costs of that.

[Daz]

It's the same here Mark. Smaller clients never look at them unless they have reason to suspect something, and larger clients spend a lot of money on monitoring software/services to analyse the data for them.